This guest post is contributed by my Aussie mate, Jim Hillier. Jim is the resident freeware aficionado at Dave’s Computer Tips. A computer veteran with 30+ years’ experience, he first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, and he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele… as well as writing for DCT, of course.
Seems every new day brings news of yet another database breach or two. There was a time when I followed news of these hacks and breaches with interest, but they are now so frequent that, unless one is personally involved, it has all become rather mundane.
However, the whole situation raises a couple of important questions and, at the same time, reinforces the critical nature of how we choose and manage our passwords.
1) Why are companies/site owners not treating users’ data with the utmost care?
I don’t know about you but I am fed up with the lax way in which companies and site owners treat sensitive data which is entrusted to their care.
In today’s internet world, database breaches are a matter of fact, yet site owners continue protecting sensitive data using outdated and weak security protocols. Just recently a new breach came to light involving 40 million passwords extracted from over 1000 sites associated with a Canadian company called VerticalScope. What did the sites employ to hash users’ passwords… MD5… an algorithm known to be weak and insufficient.
2) When will governments legislate to ensure that companies/site owners are accountable?
Surely it is incumbent upon these companies/site owners to protect their patrons’ data with the best and most effective security protocols available. However, as many (if not most) seem apathetic to this most basic of duties, then perhaps it’s time for legislators to consider introducing serious punitive measures for those who fail to do so.
By the way: in response to news of the breach mentioned earlier, VerticalScope’s vice president of corporate development Jerry Orban was quoted as saying:
“We are reviewing our security policies and practices and implementing security changes related to our forum password strength and password expiration policies across certain forum communities.”
How many times have we heard that pathetic response? I believe it’s commonly referred to as shutting the stable door after the horse has bolted. Message to site owners: perhaps these steps might be better implemented before a breach rather than after. Duh!
Lessons to be Learned
How many times have you read the following advice regarding passwords:
· Choose strong passwords and use a different password for each log-in/account.
· Change passwords for critical accounts, such as banking, PayPal, etc., frequently.
· If two-factor authentication is available, use it!
If there’s one lesson to be learned from all these breaches and hacks, it is the absolute need to follow these basic principles. Remember, if you use weak passwords and/or the same password across multiple accounts, then once one account is hacked all the rest are at serious risk.
Too many people just glide along ignoring the dangers until it actually happens to them. However, this is surely a lesson better learned from other people’s mistakes than from our own.